---
title: Where do I go from here?
course: intro_pentest
section: "Web-Based Exploitation"
layout: lesson
---

As has been pointed out several times, there is little doubt that this attack
vector will continue to grow. Once you have mastered the basics we discussed in
this section, you should expand your knowledge by digging in and learning some
of the most advanced topics of web application hackign including client-side
attacks, session management, source code auditing and many more. If you are
unsure of what else to study and want to keep up on the latest web-attack
happenings keep an eye on the “OWASP top ten”. The OWASP Top Ten project is an
official list of the top web threats as defined by leading security researches
and top experts.

Since we are talking about OWASP and they have graciously provided you a
fantastic tool to learn about and test web application security, there are many
benefits of joining the OWASP organization. Once you are a member, there are
several ways to get involved with the various projects and continue to expand
your knowledge of web security.

Along with the great WebScarab project, you should explore other web proxies as
well. Both the Burp Proxy and Paros Proxy are excellent (and free) tools for
intercepting requests, modifying data and spidering websites.
